Are there any added security risks that come with using a 3-tier architecture such as MVC in a software project?

I got asked this today, and my gut reaction was "I don't see why there would be." After some consideration, I decided that I don't actually know the answer. I took a look at another question, but it didn't really have any useful information.

If I may pick a nit, MVC isn't a 3-tier architecture. To quote Wikipedia "the three-tier architecture is linear, the MVC architecture is triangular".
–
David Wachtfogel, Oct 4 '12 at 17:48

@DavidWachtfogel Heh, I guess that's technically true, but that's the first time I've heard someone say MVC isn't 3-tier. As far as most people are concerned, an architecture with 3 sections that are linked in a constrained way is 3-tier. But anyway, the definition isn't important.
–
Polynomial, Oct 5 '12 at 7:27

2 Answers

My gut feeling is that the MVC model, or, for that matter, any cleanly defined model, tends to decrease security risks. Although things are not that clear.

From a very general point of view, security issues are a special kind of bug, in the implementation or in the structure (possibly the specification). Knowledge dilution is a huge risk factor: bugs happen more often when there are more people involved in the project. To keep the whole thing secure, there must be someone, at some point, with a transverse view of the project, who can think architecturally and grasp the interactions between all the modules; this becomes harder when the project size grows. To say things in plain words, for a secure Linux kernel, you need a Linus Torvalds: one head who receives all the information.

Any clean model which defines the roles and tasks of sub-modules in a clear way, such as the MVC architecture, will help that one-thinking-head a lot. It makes it possible to maintain the necessary project-wide security thinking framework, when the project becomes huge. On the other hand, the MVC model encourages throwing more developers at a project, which mechanically increases security risks, so MVC is a mixed blessing.

As a basic rule, the smaller the project, the more secure it can get. The Lone Wolf Developer model will get you more secure applications, and probably will deliver them faster, but with less features.

+1 for knowledge dilution. In theory, a well-architected three-tier app, with the exact roles of each tier explicitly documented, could be a security benefit. In reality, what tends to happen is that team A think component B will be doing an authorisation check, and team B will think that component A has already done it, or some combination of corner cases on each component will result in a path that goes unchecked...
–
bobince, Oct 5 '12 at 17:33
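The gap bobince describes, where the controller assumes the model authorises and the model assumes the controller already did, is easy to reproduce in a toy MVC app. The following is an added example, not code from the page or from any of the posters; every name in it (`User`, `INVOICES`, `show_invoice`, `authorize`, `unguarded_actions`) is hypothetical, and the invoice data is constructed. It shows the unchecked path beside a hardened version that puts one explicit, fail-closed policy enforcement point at the controller boundary and adds a startup check that every routed action actually passes through it, so a forgotten check fails the build rather than shipping.

```python
"""Constructed MVC-style example of a missing authorisation check between tiers,
and one way to close it. Hypothetical names and constructed data throughout."""

from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """Raised by the enforcement point when a policy denies the call."""


# --- Model tier (team B): stores data and trusts its caller ---------------
# Constructed sample data, not from the original page.
INVOICES = {
    1: {"owner": "alice", "total": 120},
    2: {"owner": "bob", "total": 75},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin"


def model_get_invoice(invoice_id):
    """Model lookup with no ownership check: team B assumes the controller did it."""
    return INVOICES[invoice_id]


# --- Vulnerable controller (team A): assumes the model checks ownership ----
def unchecked_show_invoice(user, invoice_id):
    """Neither tier checks, so any logged-in user can read any invoice."""
    return model_get_invoice(invoice_id)


# --- Hardened controller: one explicit policy enforcement point -----------
def can_view_invoice(user, invoice_id):
    """Policy: admins see everything, users see only their own invoices.
    An unknown invoice id is denied rather than raising, so existence is not leaked."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return False
    return user.role == "admin" or invoice["owner"] == user.name


def authorize(policy):
    """Decorator: each action declares its policy; denial happens before the model is touched."""
    def wrap(action):
        @wraps(action)
        def guarded(user, *args, **kwargs):
            if not policy(user, *args, **kwargs):
                raise Forbidden(f"{user.name} may not call {action.__name__}")
            return action(user, *args, **kwargs)
        guarded.authorized = True  # marker consumed by unguarded_actions()
        return guarded
    return wrap


@authorize(can_view_invoice)
def show_invoice(user, invoice_id):
    return model_get_invoice(invoice_id)


# Routing table: every action reachable from the outside is registered here.
CONTROLLER_ACTIONS = {"show_invoice": show_invoice}


def unguarded_actions(actions):
    """Coverage check: names of routed actions that did not go through authorize().
    Run at startup or in a unit test so a forgotten check is caught, not shipped."""
    return sorted(name for name, fn in actions.items()
                  if not getattr(fn, "authorized", False))


def denied(action, user, *args):
    """True if the action refuses the call; used to show the fail-closed behaviour."""
    try:
        action(user, *args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    bob = User("bob", "user")
    print("unchecked path leaks:", unchecked_show_invoice(bob, 1)["owner"])
    print("guarded path denies bob:", denied(show_invoice, bob, 1))
    print("unguarded routed actions:", unguarded_actions(CONTROLLER_ACTIONS))
```

The design point is that ownership of the check is no longer a matter of what two teams believe about each other: the decorator is the only place authorisation happens, it fails closed (unknown ids and unmatched owners both deny), and `unguarded_actions()` turns "did anyone wrap this route?" into something a test can assert rather than something a reviewer has to remember.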